# def has_permission(api_token, url, method):
#     # 客户端请求的方法和url
#     # get/v1/monitor
#     mypermission = method + url
#     # 获取此api_token对象的所有url权限
#     all_permission = [permission.method_type + permission.url
#                       for permission in api_token.manage]
#     #['get/v1/monitor', 'post/v1/monitor']
#
#     if mypermission in all_permission:
#         return True
#     else:
#         return False
#
#
# def verify_token(token):
#     s = TJS(current_app.config["SECRET_KEY"])
#     try:
#         data = s.loads(token)
#     except BadSignature:
#         print("xxxxxxxxxxxxxxxx")
#         raise TokenFailException
#         #raise RuntimeError("签名错误")
#     except SignatureExpired:
#         raise RuntimeError("token过期")
#     return data
#
#
# def create_token(uid):
#     #第一个参数传递内部私钥,测试环境写死
#     #第二个参数是有效期
#     s = TJS(current_app.config["SECRET_KEY"], expires_in=current_app.config["EXPIRES_IN"])
#     #s = TJS("123456", expires_in=10)
#     token = s.dumps({"uid":uid}).decode("ascii")
#     return token
#
